microsoft-authentication-library-for-dotnet: Exception using sign in with Apple

Which version of MSAL are you using? (Note that to get help, you need to run the latest version. Preview versions are also OK. For ADAL, please log issues to https://github.com/AzureAD/azure-activedirectory-library-for-dotnet) 4.5.1

Platform: Xamarin iOS

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)

Other? - please describe;

Is this a new or existing app? This app is in production and I am trying to add Apple as an Identity provider in B2C

Repro: I have created a custom policy in Azure B2C following the tutorial: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom#register-identity-experience-framework-applications

I then added an identity provider for Apple based on the following example: https://techcommunity.microsoft.com/t5/Azure-Developer-Community-Blog/quot-Sign-In-with-Apple-quot-Custom-Policy-for-Azure-AD-B2C/ba-p/766575

Everything works really well on Android and on iPad, and I am able to log in with my Apple account no problem. But on iPhone (iOS 13 and iOS 12) I am getting an error:

ErrorCode: server_error Microsoft.Identity.Client.MsalServiceException: AADB2C90289: We encountered an error connecting to the identity provider. Please try again later. Correlation ID: b68ebf8f-e059-4ae4-8274-3058e115bd25 Timestamp: 2019-10-07 14:48:05

My app loads up my policy, I tap on my Sign In With Apple button, the Apple Webpage displays and I enter my credentials. Everything appears to be working and then this exception is thrown.

Is there some way I can find out more information on what this error means and why it would be appearing on iOS?

I have redirect URLs set up on the Apple Developer Console redirecting to “https://tenant.b2clogin.com/tenant.onmicrosoft.com/oauth2/authresp”

My Apple Login provider in my custom policy looks like:

<ClaimsProviders>
  <ClaimsProvider>
    <Domain>Apple</Domain>
    <DisplayName>Apple</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="AppleID">
        <DisplayName>Sign in with Apple</DisplayName>
        <Protocol Name="OpenIdConnect" />
        <Metadata>
          <Item Key="client_id">com.XXXXX.B2CSignInService</Item>
          <Item Key="UsePolicyInRedirectUri">0</Item>
          <Item Key="METADATA">https://XXXXXXXXXXX.azurewebsites.net/api/signinwithapple/.well-known/openid-configuration</Item>
          <Item Key="response_types">code</Item>
          <Item Key="scope">email</Item>
          <Item Key="response_mode">form_post</Item>
          <Item Key="HttpBinding">POST</Item>
        </Metadata>
        <CryptographicKeys>
          <Key Id="client_secret" StorageReferenceId="B2C_1A_AppleIDAppSecret" />
        </CryptographicKeys>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="login_hint" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
          <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
          <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
          <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="sub" />
          <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
          <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
          <OutputClaim ClaimTypeReferenceId="email" />
        </OutputClaims>
        <OutputClaimsTransformations>
          <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
          <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
          <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
          <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
        </OutputClaimsTransformations>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>

Expected behavior: Login works the same on both Android and iOS.

Actual behavior: Exception is thrown on iOS (iPadOS is fine).

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 55 (1 by maintainers)

Most upvoted comments

Hi all - Please shoot me an email with this info:

  1. How are you setting up the connection to Apple? (screenshot of built in custom OIDC or custom policy technical profile)
  2. Are you using the right info to generate the secret? Apple Team ID, Apple Service ID, Apple certificate key
  3. How are you generating the client secret?

We can start with that info and then troubleshoot from there. Thanks!

Hi @mirogrg1 and @mtanml

Could you both reach out to me via email? jodougla@microsoft.com

I would like to review the steps you took to connect to Apple and just make sure that the things are configured properly, and you properly generated the JWT to be used as the client secret.

My issue was in the generated client secret. I was using .NET code from one of the samples, and @jkdouglas pointed out that I should try to use the JS script as in the PDF above, which worked like a charm.

I’ve looked into this again now, having just posted, and compared our MSAL implementation to the sample code here:

https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-b2c-xamarin-native/integrate-azure-ad-b2c-xamarin-forms/

I think the issue is that our MSAL library was still using the outdated “login.microsoftonline.com” instead of “[tenant].b2clogin.com”.

Having changed this across, the login appears to work now for our UWP app, so I will test again on iOS, and hopefully it will be fixed. I’ll post here if not - thank you for all the quick replies!

I get the error when authenticating with user ID and password. Latest correlation ID is 533c15ad-0cda-4572-9f88-e34db8caa4a2

Hi @jennyf19 ! Here’s a brand new Correlation ID: f29f2952-848c-4d68-885a-f13c705e5b63

And we are now on MSAL version 4.7.1

Thanks!

@jennyf19 I can make you one and send it privately (don’t really want to post the tenant etc on here). Is that any use? Have you an email or something I could send it to? I won’t be able to make a sample app until Monday.

Amazing! Thanks @jennyf19 !